Information processing apparatus capable of reducing damage caused by invalid execution data, control method therefor, and storage medium

ABSTRACT

An information processing apparatus which is capable of reducing damage caused by invalid execution data received via a public network. The information processing apparatus carries out either communications using the public network or communications without using the public network with an external apparatus. An IP address assigned to the information processing apparatus is stored. Execution data for executing a job is received from the external apparatus. When the IP address assigned to the information processing apparatus is a global IP address that is for use in the communications using the public network, a setting is made to restrict execution of the execution data.

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention relates to an information processing apparatus, acontrol method therefor, and a storage medium storage.

Description of the Related Art

There is known an MFP which is an information processing apparatuscarrying out data communications with communication apparatuses such asPCs (personal computers). The MFP carries out data communications withthe communication apparatuses to, for example, receive print data forexecuting a print job from the communication apparatuses and also causethe communication apparatuses to display, for example, settinginformation on the MFP. The MFP is connected to both of a local networkand a global network and carries out data communications with thecommunication apparatuses connected to those networks. In the localnetwork, the MFP carries out data communications with only thecommunication apparatuses connected to the MFP within a limited areasuch as an office without using a public network such as the Internet.On the other hand, in the global network, the MFP carries out datacommunications with communication apparatuses connected to the publicnetwork.

In communications over the global network, global IP addresses uniquelyassigned to respective apparatuses are used to identify the party at theend of communication. A global IP address unique to an MFP and foridentifying the MFP is assigned to the MFP connected to the globalnetwork, and the global IP address of the MFP is exposed to anindefinite number of communication apparatuses connected to the globalnetwork. For this reason, there may be a situation in which a malicioususer accesses the MFP by using the global IP address of the MFP which isexposed to the public and sees setting information on the MFP. Toaddress this problem, there has conventionally been a technique thatrestricts provision of some information in a case where a global IPaddress is assigned to the MFP (see, for example, Japanese Laid-OpenPatent Publication No. 2016-119581). This technique makes it possible toavoid a situation in which setting information on the MFP is leaked out.

The technique described in Japanese Laid-Open Patent Publication No.2016-119581 above would cause a disadvantage when invalid execution datais received via the public network although a situation in which settinginformation on the MFP is lead out can be avoided. For example, when amalicious user sends a large amount of invalid print data to the MFP byusing a global IP address of the MFP which is exposed to the public, theMFP performs printing on all of the print data it has received, and as aresult, a large amount of unnecessary prints are produced. Namely, theconventional MFP cannot reduce damage caused by invalid execution datareceived via the public network.

SUMMARY OF THE INVENTION

The present invention provides an information processing apparatus andan image communication method therefor, which are capable of reducingdamage caused by invalid execution data received via a public network,as well as a storage medium.

Accordingly, the present invention provides an information processingapparatus that carries out either communications using a public networkor communications without using the public network with an externalapparatus, comprising a storage unit configured to store an IP addressassigned to the information processing apparatus, a receiving unitconfigured to receive execution data for executing a job from theexternal apparatus, and a setting unit configured to, when the IPaddress assigned to the information processing apparatus is a global IPaddress that is for use in the communications using the public network,make a setting to restrict execution of the execution data.

According to the present invention, damage caused by invalid executiondata received via a public network is reduced.

Further features of the present invention will become apparent from thefollowing description of exemplary embodiments (with reference to theattached drawings).

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram schematically showing an arrangement of acommunication system including an MFP which is an information processingapparatus according to a first embodiment of the present invention.

FIG. 2 is a block diagram schematically showing an arrangement ofsoftware modules of the MFP in FIG. 1.

FIG. 3 is a flowchart showing the procedure of a rule updating processwhich is carried out by the MFP in FIG. 1.

FIG. 4 is a view showing an example of a confirmation screen which isdisplayed on an operating unit in FIG. 1.

FIG. 5 is a block diagram schematically showing an arrangement ofsoftware modules of an MFP according to a second embodiment of thepresent invention.

FIG. 6 is a view showing an example of a selecting screen which isdisplayed on the operating unit in FIG. 1.

DESCRIPTION OF THE EMBODIMENTS

Embodiments of the present invention will now be described in detailwith reference to the accompanying drawings.

First, a description will be given of an information processingapparatus according to a first embodiment of the present invention.

It should be noted that in the following description of the presentembodiment, the present invention is applied to an MFP which carries outdata communications via a public network, but the present invention maybe applied to other apparatuses such as PCs which are capable ofcarrying out data communications via a public network.

FIG. 1 is a block diagram schematically showing an arrangement of acommunication system 100 including the MFP 101 which is the informationprocessing apparatus according to the first embodiment of the presentinvention.

Referring to FIG. 1, the communication system 100 has the MFP 101 andPCs 102 to 104. The MFP 101, the PC 102, and the PC 103 are connected toone another via a LAN 106, and the PC 104 is connected to the LAN 106via the Internet 107 and a router 105.

The MFP 101 is an image forming apparatus, which carries out an imageforming process, and executes jobs such as printing and scanning. TheMFP 101 also carries out data communications with the PCs 102 to 104. Itshould be noted that an internal arrangement of the MFP 101 will bedescribed later. The PCs 102 to 104 have a communication function andcarry out data communications with the MFP 101. For example, the PCs 102to 104 send execution data, which are for executing jobs, to the MFP101. The execution data are, for example, print data for executing aprint job. The PCs 102 to 104 also display an operating screen forviewing and editing a variety of setting information.

In the communication system 100, the MFP 101 carries out datacommunications with apparatuses to which the MFP 101 is connected viathe LAN 106, and more specifically, the PC 102 and the PC 103 withoutthe Internet 107 (hereafter referred to as “the local networkcommunications”). The local network communications are, for example,in-house network communications permitted for only specific apparatusesand ensure a certain level of security. The MFP 101 also carries outdata communications with the PC 104 via the LAN 106 via the Internet 107(hereafter referred to as “the global network communications”).

In the local network communications and the global networkcommunications, IP addresses uniquely assigned to respective apparatusesare used to identify the party at the other end of the communication.The IP addresses are categorized as private IP addresses and global IPaddresses as shown in Table 1 below.

TABLE 1 Risk of IP address IP address unauthorized space space intrusionfrom (for IPv4) (for IPv6) the Internet Private IP 10.0.0.0- fc00::/7 Noaddress 10.255.255.255 172.16.0.0- 172.31.255.255 192.168.0.0-192.168.255.255 Global IP Other than the Other than the Yes addressabove above

Private IP addresses are used for the local network communications.Private IP addresses are not used for the global network communications,and hence the private IP addresses are never exposed to externalapparatuses connected to the Internet 107. For this reason, when, forexample, a private IP address is assigned to the MFP 101, nounauthorized access from external apparatuses is made to the MFP 101 viathe Internet 107.

A global IP address includes information on a network to which anapparatus with the global IP address assigned thereto belongs. A globalIP address is used for the global network communications as well as thelocal network communications, and hence it may be exposed to anindefinite number of external apparatuses connected via the Internet107. In this case, when, for example, a global IP address is assigned tothe MFP 101, it is feared that a malicious user will make unauthorizedaccess to the MFP 101 by using the global IP address of the MFP 101exposed to the public. It should be noted that the present embodiment isbased on the assumption that, for example, a global IP address(111.112.113.114) is assigned to the MFP 101. The present embodiment isalso based on the assumption that it is feared that a malicious userwill make unauthorized access to the MFP 101. On the other hand, it isassumed that IP addresses for carrying out the local networkcommunications with the MFP 101 are assigned to the PC 102 and the PC103, and more specifically, a private IP address (192.168.0.0) isassigned to the PC 102, and a global IP address (111.112.113.224), whichindicates the same network to which the MFP 101 belongs, is assigned tothe PC 102. It is also assumed that a global IP address(115.115.116.228), which indicates a network different from the networkto which the MFP 101 belongs, is assigned to the PC 104.

A description will now be given of an arrangement of the MFP 101.

Referring to FIG. 1, the MFP 101 has a CPU 108, a RAM 109, a storagedevice 110, a printing unit 111, a scanning unit 112, an operating unit113, a setting storage unit 114, and a network communication unit 115(receiving unit). The CPU 108, the RAM 109, the storage device 110, theprinting unit 111, the scanning unit 112, the operating unit 113, thesetting storage unit 114, and the network communication unit 115 areconnected to one another via a system bus 116.

The CPU 108 carries out processes of software modules 200 in FIG. 2 forperforming functions of the MFP 101. The RAM 109 is used as a work areafor the CPU 108 and also used as a temporary storage area for each pieceof data. The storage device 110 stores programs, which are executed bythe CPU 108, and each piece of data. The printing unit 111 performsprinting on sheets based on obtained print data. The scanning unit 112reads originals mounted on an original platen glass, not shown. Theoperating unit 113 has a display unit and a plurality of operating keys,which are not shown. The operating unit 113 displays, on the MFP 101,for example a setting screen for configuring settings on the displayunit or the like, and receives input information input by a useroperating the operating keys. The setting storage unit 114 storessetting data on the MFP 101, and for example, stores address informationincluding an IP address of the MFP 101. The network communication unit115 controls data communications with the PCs 102 to 104. For example,the network communication unit 115 receives execution data from the PCs102 to 104.

FIG. 2 is a block diagram schematically showing an arrangement of thesoftware modules 200 of the MFP 101 in FIG. 1.

Referring to FIG. 2, the software modules 200 include a firewall module201, a communication function module 202, and a global IP restrictionmodule 203. The processes of the software modules 200 are carried out bythe CPU 108 executing programs stored in the storage device 110.

The firewall module 201 determines whether or not the MFP 101 is toexecute execution data received from the PCs 102 to 104. The executiondata include IP addresses assigned to apparatuses which are senders.Specifically, the firewall module 201 obtains execution data, which wasreceived by the MFP 101, from the network communication unit 115, andbased on determination rules in Table 2 below, determines whether or notto output the obtained execution data to the communication functionmodule 202.

TABLE 2 Rule 1 All of received data Deny Rule 2 Received from a Permitprivate IP address Rule 3 Received from the Permit same network

The determination rules include criteria by which to determine whetheror not to output the execution data to the communication function module202, and they are set by the global IP restriction module 203. Thefirewall module 201 reads the determination rules on a row-by-row basisfrom the first row, for example, from the row of Rule 1 in Table 2 andsuccessively carries out processes described in the rules that have beenread.

The communication function module 202 carries out a predeterminedcommunication process based on the execution data obtained from thefirewall module 201. The predetermined communication process is, forexample, a process in which configuration information on the MFP 101 orthe like is obtained by using a communication protocol such as SNMP(Simple Network Management Protocol) or a process in which classifiedinformation such as document data held by the MFP 101 is obtained. Itshould be noted that in the present embodiment, there may be a pluralityof communication function modules 202 so as to perform differentfunctions according to respective network communication port numbers.

The communication function module 202 also sends a result obtained bycarrying out the predetermined communication process to the networkcommunication unit 115. The global IP restriction module 203 sets thedetermination rules based on the IP address of the MFP 101.

FIG. 3 is a flowchart showing the procedure of a rule updating processwhich is carried out by the MFP 101 in FIG. 1.

The rule updating process in FIG. 3 is carried out by the CPU 108executing programs stored in the storage device 110. The rule updatingprocess in FIG. 3 is carried out continuously from startup of the MFP101 to shutdown of the MFP 101. It should be noted that in the followingdescription, it is assumed that determination rules are set in advancefor an IP address of the MFP 101 at a certain point.

Referring to FIG. 3, first, the CPU 108 obtains address information onthe MFP 101 from the setting storage unit 114 (step S301). The addressinformation includes an IP address of the MFP 101 and a subnet mask foridentifying a network represented by the IP address. The addressinformation is information that is set by the user operating theoperating unit 113 or is automatically assigned by using DHCP (DynamicHost Configuration Protocol).

Next, based on the obtained address information, the CPU 108 determineswhether or not the IP address of the MFP 101 has been changed (stepS302). In the step S302, when, for example, the IP address included inthe obtained address information is different from the IP address at thetime when the determination rules were set, the CPU 108 determines thatthe IP address of the MFP 101 has been changed. On the other hand, whenthe IP address included in the obtained address information is the sameas the IP address at the time when the determination rules were set, theCPU 108 determines that the IP address of the MFP 101 has not beenchanged.

As a result of the determination in the step S302, when the IP addressof the MFP 101 has not been changed, the CPU 108 returns to the processin the step S301. On the other hand, as a result of the determination inthe step S302, when the IP address of the MFP 101 has been changed, theCPU 108 deletes the determination rules set in advance (step S303).Then, the CPU 108 determines whether or not the IP address of the MFP101 is a global IP address (step S304). In the step S304, for example,when the IP address included in the obtained address information matchesany of the private IP addresses shown in Table 1, the CPU 108 determinesthat the IP address of the MFP 101 is not a global IP address. On theother hand, when the IP address included in the obtained addressinformation does not match any of the private IP addresses shown inTable 1, the CPU 108 determines that the IP address of the MFP 101 is aglobal IP address.

As a result of the determination in the step S304, when the IP addressof the MFP 101 is not a global IP address, the CPU 108 returns to theprocess in the step S301. On the other hand, as a result of thedetermination in the step S304, when the IP address of the MFP 101 is aglobal IP address, the CPU 108 displays a confirmation screen 401 inFIG. 4 on the operating unit 113 (step S305). The confirmation screen401 notifies the user that execution of execution data is to berestricted due to the change in the IP address of the MFP 101. Theconfirmation screen 401 has an OK button 402 and a cancel button 403.The OK button 402 is for indicating consent to restrict execution ofexecution data, and the cancel button 403 is for indicating aninstruction to cancel an operation on the confirmation screen 401. Then,upon detecting a selecting operation performed by the user on theconfirmation screen 401, the CPU 108 determines which of the OK button402 and the cancel button 403 has been selected (step S306).

As a result of the determination in the step S306, when the cancelbutton 403 has been selected, the CPU 108 returns to the process in thestep S301. On the other hand, as a result of the determination in thestep S306, when the OK button 402 has been selected, the CPU 108identifies a network to which the MFP 101 belongs based on the obtainedaddress information (step S307). In the step S307, the network to whichthe MFP 101 belongs is identified by logical ANDing the IP address andthe subnet mask included in the address information. For example, whenthe IP address and the subnet mask included in the address informationare (111.112.113.114) and (225.225.225.0), the network to which the MFP101 belongs is (111.112.113.0).

Then, the CPU 108 sets determination rules (step S308). As a result, inthe MFP 101, execution of execution data received from externalapparatuses is restricted according to the set determination rules. Forexample, when the MFP 101 receives execution data in a case where Rules1 to 3 are set as shown in Table 2, the MFP 101 follows Rule 1 anddetermines whether or not to execute the execution data based on an IPaddress of a sender of the execution data without immediately executingthe execution data. Execution data received from an apparatus thatensures a certain level of security in data communications such as anapparatus that applies to Rule 2, for example, the PC 102 or anapparatus that applies to Rule 3, for example, the PC 103 is veryunlikely to be invalid execution data and is thus highly reliableexecution data, and hence the MFP 101 executes the execution data. Onthe other hand, execution data received from an apparatus that apply toneither Rule 2 nor Rule 3, for example, the PC 104 is likely to beinvalid execution data, and therefore, the MFP 101 does not execute theexecution data. After that, the CPU 108 returns to the process in thestep S301.

According to the present embodiment described above, when the IP addressof the MFP 101 is a global IP address, execution of received executiondata is restricted. This prevents all of received execution data frombeing executed and therefore reduces damage caused by invalid executiondata received via the Internet 107.

Moreover, in the present embodiment described above, execution ofexecution data received from the PC 102 to which a private IP address isapplied is permitted. Also, execution of execution data received fromthe PC 103 to which an IP address belonging to the same network as an IPaddress of the MFP 101 is permitted. Namely, execution of highlyreliable execution data received from an apparatus that ensures acertain level of security in data communications is permitted. Thisreduces damage caused by invalid execution data received via theInternet 107 and thus avoids a situation in which highly reliableexecution data is not executed and processing on the execution data isdelayed.

Further, in the present embodiment described above, when the IP addressof the MFP 101 is a global IP address, notification that execution ofreceived execution data is to be restricted is provided. This reliablyenables the user to know that execution of received execution data is tobe restricted.

In the present embodiment described above, execution data is print datafor executing a print job. This avoids a situation in which sheets arewasted by producing a large amount of prints when a large amount ofinvalid print data is received via the Internet 107.

It should be noted that the determination rules may be set withoutdisplaying the confirmation screen 401. For example, in the process inFIG. 3, when it is determined in the step S304 that the IP address ofthe MFP 101 is a global IP address, the CPU 108 carries out theprocesses in the step S307 and the subsequent steps. This enables thesetting of determination rules appropriate to the IP address of the MFP101 to take effect at the moment when the IP address is assigned to theMFP 101. As a result, execution of execution data is properly restrictedfrom the moment when the IP address is assigned to the MFP 101.

A description will now be given of an information processing apparatusaccording to a second embodiment of the present invention.

The second embodiment of the present invention is basically the same asthe first embodiment in terms of constructions and operations. Thesecond embodiment of the present invention, however, differs from thefirst embodiment in that an MFP has a firewall setting module, and hencefeatures of constructions and operations that are the same as those inthe first embodiment will thus not be described, only constructions andoperations different from those of the first embodiment being describedbelow.

FIG. 5 is a block diagram schematically showing an arrangement ofsoftware modules 501 of an MFP 501 according to the second embodiment ofthe present invention.

Referring to FIG. 5, the software modules 501 include a firewall settingmodule 502 as well as the firewall module 201, the communicationfunction module 202, and the global IP restriction module 203 in FIG. 2.The processes of the software modules 501 are carried out by the CPU 108executing programs stored in the storage device 110.

In the software modules 501, the firewall module 201 stores a result ofdetermination as to whether or not to execute received execution data inan audit log in Table 3 and stores the audit log in the setting storageunit 114.

TABLE 3 ACCEPT SRC = 111.112.113.224 DST = 111.112.113.114 DROP SRC =114.115.116.228 DST = 111.112.113.114 DROP SCR = 111.112.114.225 DST =111.112.113.114

In the audit log, information in a row starting with “ACCEPT” representsan IP address of a sender of execution data, for which it has beendetermined that the execution data is to be executed and which has beenoutput to the communication function module 202, as well as an IPaddress of the MFP 101. Information in a row starting with “DROP”represents an IP address of a sender of execution data, for which it hasbeen determined that the execution data is not to be executed and whichhas not been output to the communication function module 202 (hereafterreferred to as “unexecuted data”), as well as the IP address of the MFP101.

The firewall setting module 502 obtains the audit log from the settingstorage unit 114 and creates a list of senders of unexecuted data basedon the obtained audit log. As a result, the CPU 108 displays, on theoperating unit 113, a selection screen 601 in FIG. 6 which prompts theuser to select an IP address of an apparatus for which execution ispermitted (hereafter referred to as “the user-permitted IP address”)from among the senders of the unexecuted data. The selection screen 601has a list 602, a permit button 604, and a cancel button 605. In thelist 602, the IP addresses of the senders of the unexecuted data andcheckboxes 603 for selecting the IP addresses are displayed in listform. The permit button 604 is for issuing an instruction to set the IPaddress for which the checkbox 603 is selected as the user-permitted IPaddress. The cancel button 605 is for issuing an instruction to cancelthe setting on the selection screen 601. When the user selects thecheckbox 603 for any of the IP addresses and selects the permit button604, the CPU 108 newly adds Rule 4 to the determination rules as shownin Table 4 below.

TABLE 4 Rule 1 All of received data Deny Rule 2 Received from a Permitprivate IP address Rule 3 Received from the Permit same network Rule 4Received from an Permit additional IP address

Rule 4 indicates that execution of execution data received from the IPaddress selected on the selection screen 601 is permitted. As a result,when execution data that applies to neither Rule 2 nor Rule 3 but ishighly reliable is received, execution of the execution data is easilypermitted.

Other Embodiments

Embodiment(s) of the present invention can also be realized by acomputer of a system or apparatus that reads out and executes computerexecutable instructions (e.g., one or more programs) recorded on astorage medium (which may also be referred to more fully as a‘non-transitory computer-readable storage medium’) to perform thefunctions of one or more of the above-described embodiment(s) and/orthat includes one or more circuits (e.g., application specificintegrated circuit (ASIC)) for performing the functions of one or moreof the above-described embodiment(s), and by a method performed by thecomputer of the system or apparatus by, for example, reading out andexecuting the computer executable instructions from the storage mediumto perform the functions of one or more of the above-describedembodiment(s) and/or controlling the one or more circuits to perform thefunctions of one or more of the above-described embodiment(s). Thecomputer may comprise one or more processors (e.g., central processingunit (CPU), micro processing unit (MPU)) and may include a network ofseparate computers or separate processors to read out and execute thecomputer executable instructions. The computer executable instructionsmay be provided to the computer, for example, from a network or thestorage medium. The storage medium may include, for example, one or moreof a hard disk, a random-access memory (RAM), a read only memory (ROM),a storage of distributed computing systems, an optical disk (such as acompact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)™),a flash memory device, a memory card, and the like.

While the present invention has been described with reference toexemplary embodiments, it is to be understood that the invention is notlimited to the disclosed exemplary embodiments. The scope of thefollowing claims is to be accorded the broadest interpretation so as toencompass all such modifications and equivalent structures andfunctions.

This application claims the benefit of Japanese Patent Application No.2017-040454, filed Mar. 3, 2017 which is hereby incorporated byreference herein in its entirety.

What is claimed is:
 1. An information processing apparatus that carriesout either communications using a public network or communicationswithout using the public network with an external apparatus, comprising:a storage device that stores an IP address assigned to the informationprocessing apparatus; a network interface that receives print data forprinting from the external apparatus; at least one memory that stores aset of instructions; and at least one processor that executes theinstructions, the instructions, when executed, causing the informationprocessing apparatus to perform operations comprising: restrictingprinting of the print data when the IP address assigned to theinformation processing apparatus is a global IP address that is for usein the communications using the public network; and permitting printingof the print data when the IP address assigned to the informationprocessing apparatus indicates a same network as an IP address assignedto the external apparatus.
 2. The information processing apparatusaccording to claim 1, wherein the printing of print data received froman external apparatus, to which a private IP address for use in thecommunications carried out without using the public network is assigned,is permitted.
 3. The information processing apparatus according to claim1, wherein the instructions to be executed by the processor furtherinclude an instruction for, when the IP address assigned to theinformation processing apparatus is a global IP address that is for usein the communications using the public network, providing notificationthat printing of the print data is to be restricted.
 4. The informationprocessing apparatus according to claim 1, wherein the instructions tobe executed by the processor further include an instruction forprompting a user to select whether or not to permit printing of printdata received from an external apparatus to which an IP addressindicating a network different from that indicated by the IP addressassigned to the information processing apparatus is assigned.
 5. Theinformation processing apparatus according to claim 1, wherein theinformation processing apparatus is an image forming apparatus thatcarries out an image forming process.
 6. The information processingapparatus according to claim 1, wherein the instructions to be executedby the processor further include an instruction for: restrictingproviding of an operation screen to the external apparatus when the IPaddress assigned to the information processing apparatus is the globalIP address that is for use in the communications using the publicnetwork; and permitting providing of the operation screen to theexternal apparatus when the IP address assigned to the informationprocessing apparatus indicates a same network as an IP address assignedto the external apparatus.
 7. A control method for an informationprocessing apparatus that carries out either communications using apublic network or communications without using the public network withan external apparatus, comprising: storing an IP address assigned to theinformation processing apparatus; receiving print data for printing fromthe external apparatus; restricting printing of the print data when theIP address assigned to the information processing apparatus is a globalIP address that is for use in the communications using the publicnetwork; and permitting printing of the print data when the IP addressassigned to the information processing apparatus indicates a samenetwork as an IP address assigned to the external apparatus.
 8. Anon-transitory computer-readable storage medium storing a program forcausing a computer to execute a control method for an informationprocessing apparatus that carries out either communications using apublic network or communications without using the public network withan external apparatus, the control method comprising: storing an IPaddress assigned to the information processing apparatus; receivingprint data for printing from the external apparatus; restrictingprinting of the print data when the IP address assigned to theinformation processing apparatus is a global IP address that is for usein the communications using the public network; and permitting printingof the print data when the IP address assigned to the informationprocessing apparatus indicates a same network as an IP address assignedto the external apparatus.
 9. An information processing apparatuscomprising: a communication interface; at least one memory that stores aset of instructions; and at least one processor that executes theinstructions, the instructions, when executed, causing the informationprocessing apparatus to perform operations comprising: determiningwhether or not the IP address assigned to the information processingapparatus is a global IP address; deleting data received from anexternal apparatus via the communication interface based on thedetermination that the IP address assigned to the information processingapparatus is the global IP address; and executing a process regardingdata received from the external apparatus via the communicationinterface based on the determination that the IP address assigned to theinformation processing apparatus is not the global IP address.